Logging in to Workday using Identity Server

The following topics guide you through configuring Workday and the WSO2 Identity Server (IS) to enable logging into Workday through the WSO2 IS.

Login to the Workday account as an administrator.
Open the Edit Tenant Setup and click Security.
Select the Enable SAML Authentication checkbox.
Enter the identity provider name and the issuer as follows.
- Identity Provider Name: wso2_is
- Issuer: localhost
Add the public certificate of the Identity Provider (which you extracted as a prerequisite)
Click on create and insert Name, Valid To, Valid from, and the certificate in the interface that appears.
Enable the Workday initiated logout as seen below.
Set the following environments.
Generate a private key pair if you do not already have one. This certificate will be used inside the WSO2 IS to validate the incoming authentication and logout requests from Workday.
Enter the following details and click OK. Finally, click Done.

Start the IS server and log in to the management console.
Navigate to Service Providers>Add under the Main menu and add a new service provider.
Expand the Inbound Authentication Configuration section, then the SAML2 Web SSO Configuration Section and click Configure.
In the form that appears, fill out the following configuration details required for single sign-on and click Register.

See the following table for the details.
Click Update to save.
Access the ACS URL from your browser to login to Workday using the WSO2 IS: https://www.myworkday.com/<Your workday tenant name>/login-saml2.flex.

To change the Issuer value that comes with SAML response through the Identity server, do the following:

Login to the management console and navigate to Identity Providers>List under the Main menu.
Click on Resident Identity Provider.
Expand the Inbound Authentication Configuration section and then the SAML2 Web SSO Configuration section.
Change the value of the Identity Provider Entity ID to the required Issuer value and click Update.